GalaxyS3I9300PrivacySecurityEvaluation » History » Version 27
Denis 'GNUtoo' Carikli, 06/09/2019 09:31 PM
|1||1||Denis 'GNUtoo' Carikli||
|3||2||Denis 'GNUtoo' Carikli||
Note that this information may or may not be exhaustive.
It also may or may not contain all known issues or good point about this device.
|5||1||Denis 'GNUtoo' Carikli|
|6||5||Denis 'GNUtoo' Carikli||
h2. General freedom issues on the Galaxy S 3 (I9300):
|8||26||Denis 'GNUtoo' Carikli||
* The bootloader is proprietary and signed. It's only possible to replace part of it.
|9||27||Denis 'GNUtoo' Carikli||
* The bootloader also loads a proprietary OS on the main CPU, in "TrustZone":https://en.wikipedia.org/wiki/Trusted_execution_environment. See "this analysis":https://sensepost.com/blog/2013/a-software-level-analysis-of-trustzone-os-and-trustlets-in-samsung-galaxy-phone/ for more details on the precise implementation for the Galaxy SIII.
|10||25||Denis 'GNUtoo' Carikli||
* Some peripherals do require proprietary firmwares to work.
** See [[GalaxyS3I9300LoadedFirmwares|some of which have to be loaded by the system]].
** See also the "Missing without non-free firmwares" status in [[ReplicantStatus]].
* The bootrom is the first code that is executed, it's stored in a read-only memory: see "freedom-privacy-security-issues":https://www.replicant.us/freedom-privacy-security-issues.php for more details.
|14||12||Denis 'GNUtoo' Carikli||
* The hardware is proprietary, and we are not aware if any its schematics is available somewhere on the Internet.
|15||1||Denis 'GNUtoo' Carikli|
|16||5||Denis 'GNUtoo' Carikli||
h2. Modem related:
|17||6||Denis 'GNUtoo' Carikli|
|18||5||Denis 'GNUtoo' Carikli||
The modem runs non-free software, which is loaded but not shipped by Replicant.
* When using flight mode, The main CPU has to ask the modem to power itself off.
|20||1||Denis 'GNUtoo' Carikli||
* The modem is isolated:
|21||24||Denis 'GNUtoo' Carikli||
** It doesn't use shared memory to communicate with the main CPU, instead it uses HSIC, which is a version of USB 2.0 meant to interface chips together directly. Here the modem also cannot change USB IDs without having the main CPU reset the HSIC bus.
** We are not aware of it being able to access the GPS, but it wouldn't be surprising if it still could (by having a direct connection to it: since no schematics are publicly available we have easy no way to check).
|23||3||Denis 'GNUtoo' Carikli||
** It has no access to the other CPU peripherals.
|24||7||Denis 'GNUtoo' Carikli||
* "Terminal profile":https://terminal-profile.osmocom.org/decode.php?tp=ffffffff7f1f00dfff00001fa2010a860749000000000000000000000010
|25||5||Denis 'GNUtoo' Carikli|
|26||6||Denis 'GNUtoo' Carikli||
|27||5||Denis 'GNUtoo' Carikli|
|28||13||Denis 'GNUtoo' Carikli||
* Investigate its terminal profile
* Investigate device factory reset security in both Replicant and its recovery (Does it really wipe files?)
|30||14||Denis 'GNUtoo' Carikli||
* Investigate the flash layout, EMMC partitions, EMMC firmware
|31||23||Denis 'GNUtoo' Carikli||
* The Exynos 4412 reference manual says that the PMIC firmware can be reflashed (see the IROM_DATA_REG0 register in the subsection 184.108.40.206 of the Chapter 8 (Power Management Unit)).